How to protect intranet security

Source: Internet
Author: User
Tags: firewall

The intranet is a core part of enterprise networking, and its security is receiving more and more attention. Today we will walk through a set of methods for shoring up intranet security.

For most enterprise LANs, the router has become one of the most important security devices in use. In general, a network has one main access point: the "border router", which is typically deployed alongside a dedicated firewall.

With proper configuration, an edge router can keep almost all of the most persistent bad actors out of the network, while still letting legitimate users in if you want it to. A router that is not properly configured, however, is only marginally better than no security at all.

In the following guidelines we will look at 9 straightforward steps you can take to secure your network. These steps will ensure that what protects your network is a brick wall, not an open door.

  1. Change the default password!

According to foreign surveys, 80% of security breaches are caused by weak passwords. Comprehensive lists of default passwords for most routers are available on the Internet, and you can be sure that someone, somewhere, knows your birthday. The Securitystats.com website maintains a detailed list of acceptable and unacceptable passwords, as well as a password strength test.

  2. Turn off IP directed broadcast

Your servers are very obedient: they do what they are told, no matter who sends the instructions. A smurf attack is a denial-of-service attack in which the attacker sends "ICMP echo" requests with a forged source address to your broadcast address. This causes every host on the segment to answer the broadcast request, which at the very least degrades your network performance.

Refer to your router documentation to find out how to turn off IP directed broadcast. For example, on Cisco routers the interface command "no ip directed-broadcast" stops the router from forwarding directed broadcasts.

  3. If possible, turn off the router's HTTP management interface

As a Cisco technical note briefly explains, HTTP uses an authentication scheme that is equivalent to sending an unencrypted password across the entire network. Unfortunately, the HTTP protocol has no effective mechanism for challenge-based password verification or one-time passwords.

Although an unencrypted password may be convenient for configuring your router from a remote location (for example, from home), you can do better, especially if you are still using the default password! If you must manage the router remotely, make sure you use SNMPv3, because it supports stronger password protection.

  4. Block ICMP ping requests

The primary purpose of ping is to identify hosts that are currently active, so ping is typically used for reconnaissance before a larger, coordinated attack. By denying remote users the ability to get answers to their ping requests, you are far more likely to escape unnoticed scans and the "script kiddies" who look for vulnerable targets.

Note that doing so does not actually protect your network from attack, but it does make you a less likely target.

  5. Turn off IP source routing

The IP protocol allows a host to specify the path its packets take through your network, rather than letting the network equipment determine the best route. The legitimate application of this feature is diagnosing connection failures, but it is rarely used for that. Its most common use is to map your network for reconnaissance, or for an attacker to look for a back door into your private network. This feature should be turned off unless you have specifically decided to use it, and then only for troubleshooting.

  6. Determine your packet filtering requirements

There are two approaches to blocking ports. Which one is appropriate for your network depends on your security requirements.

For high-security networks, especially those that store or process confidential data, filtering by permission is usually required. Under this policy, all ports and IP addresses are blocked except those the network needs in order to function. For example, port 80 for web traffic and ports 25 and 110 for mail can be opened to specified addresses, and all other ports and addresses are closed.

Most networks will get an acceptable level of security from the "filter by denial" approach. With this policy you protect the network by blocking the ports your network does not use, along with ports used by Trojan horses or frequently used for reconnaissance. For example, blocking ports 139 and 445 (TCP and UDP) makes it harder for attackers to carry out exhaustive attacks on your network, and blocking port 31337 (TCP and UDP) makes it harder for the Back Orifice Trojan to attack your network.

This should be decided at the network planning stage, when the required security level is matched against the needs of the network's users. Consult a list of well-known ports to see what these ports are normally used for.

  7. Establish inbound and outbound address filtering policies

Establish a policy on your border router that filters traffic entering and leaving the network by IP address. Apart from rare exceptions, every IP address that attempts to reach the Internet from inside your network should be an address assigned to your local area network. For example, the address 192.168.0.1 may legitimately access the Internet through this router, whereas the address 216.239.55.99 is most likely spoofed and part of an attack.

Conversely, traffic arriving from the Internet should never carry a source address that belongs to your internal network, so the 192.168.x.x, 172.16.x.x and 10.x.x.x ranges should be blocked.

Finally, any traffic whose source or destination is a reserved, unreachable address should not be allowed through the router. This includes the loopback address 127.0.0.1 and the Class E range 240.0.0.0-254.255.255.255.
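The port-filtering policy of step 6 and the address-filtering policy of step 7 can be prototyped as a small rule evaluator before they are typed into a router. The following Python is an added example, not code from the original article; it assumes the LAN is 192.168.0.0/24 and runs the rules over constructed sample packets, including the 216.239.55.99 spoofed-source case above.

```python
import ipaddress
from dataclasses import dataclass

# Address ranges from step 7. LAN_NET is an assumption standing in for
# "an address assigned to your local area network".
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED_NETS = [ipaddress.ip_network("127.0.0.0/8"),  # loopback
                 ipaddress.ip_network("240.0.0.0/4")]  # Class E and above
# "Filter by denial" port list from step 6, applied to both TCP and UDP.
DENIED_PORTS = {139, 445, 31337}

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = Internet -> LAN, "out" = LAN -> Internet
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int

def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def filter_packet(pkt):
    """Apply the border-router rules in order; returns (verdict, reason)."""
    if _in_any(pkt.src, RESERVED_NETS) or _in_any(pkt.dst, RESERVED_NETS):
        return "drop", "reserved or unroutable address"
    if pkt.direction == "in" and _in_any(pkt.src, PRIVATE_NETS):
        return "drop", "spoofed private source from the Internet"
    if pkt.direction == "out" and ipaddress.ip_address(pkt.src) not in LAN_NET:
        return "drop", "egress source is not on our LAN"
    if pkt.dport in DENIED_PORTS:
        return "drop", f"denied port {pkt.dport}/{pkt.proto}"
    return "permit", "ok"

# Constructed sample traffic; 203.0.113.10 stands for the router's public side.
SAMPLES = [
    Packet("out", "192.168.0.1", "93.184.216.34", "tcp", 443),   # legitimate LAN client
    Packet("out", "216.239.55.99", "93.184.216.34", "tcp", 80),  # the page's spoofed example
    Packet("in", "192.168.5.5", "203.0.113.10", "tcp", 80),      # private source from outside
    Packet("in", "198.51.100.7", "203.0.113.10", "tcp", 445),    # SMB probe
    Packet("in", "198.51.100.7", "127.0.0.1", "udp", 53),        # loopback destination
    Packet("in", "198.51.100.8", "203.0.113.10", "tcp", 80),     # ordinary web request
]

def run_samples():
    return [filter_packet(p)[0] for p in SAMPLES]
```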

  8. Maintain the physical security of the router

From a network sniffing point of view, routers are more secure than hubs, because a router forwards packets intelligently based on IP address, whereas a hub repeats all data to every node. If a system connected to a hub puts its network adapter into promiscuous mode, it can receive and read all of that traffic, including passwords, POP3 sessions and web traffic.

It is therefore important to secure physical access to your network equipment so that unauthorized devices, such as a laptop running a sniffer, cannot be attached to your local subnet.

  9. Take time to review the security logs

Reviewing your router's logs (through its built-in firewall feature) is the most effective way to detect security incidents, whether an attack in progress or the warning signs of a future one. The same logs also let you identify Trojans and spyware that attempt to establish external connections. A careful security administrator can detect "Code Red" and "Nimda" attacks before antivirus vendors have responded.

Also, because routers generally sit at the edge of your network, they let you see all the traffic entering and leaving it.
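As an added illustration of the log review in step 9 (not part of the original article), the following Python parses a constructed, non-vendor log format and flags two of the patterns the text mentions: internal hosts calling out to the Back Orifice port named in step 6, and an outside host probing many ports on the router's public address.

```python
import re
from collections import defaultdict

# Constructed log format for this example (not a real vendor format):
#   <timestamp> <action> <dir> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>PERMIT|DENY) (?P<dir>in|out) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

SUSPECT_OUTBOUND_PORTS = {31337}  # Back Orifice, from step 6
SCAN_THRESHOLD = 5                # distinct ports probed by one outside source

# Constructed sample lines; 203.0.113.10 stands for the router's public address.
SAMPLE_LOG = """\
2024-01-01T00:00:01 PERMIT out tcp 192.168.0.1:51000 -> 93.184.216.34:443
2024-01-01T00:00:02 PERMIT out tcp 192.168.0.7:51001 -> 192.0.2.50:31337
2024-01-01T00:00:03 DENY in tcp 198.51.100.7:40000 -> 203.0.113.10:21
2024-01-01T00:00:03 DENY in tcp 198.51.100.7:40001 -> 203.0.113.10:22
2024-01-01T00:00:04 DENY in tcp 198.51.100.7:40002 -> 203.0.113.10:23
2024-01-01T00:00:04 DENY in tcp 198.51.100.7:40003 -> 203.0.113.10:25
2024-01-01T00:00:05 PERMIT in tcp 198.51.100.7:40004 -> 203.0.113.10:80
2024-01-01T00:00:06 PERMIT in tcp 198.51.100.8:52000 -> 203.0.113.10:80
this line is malformed and is skipped by the parser
"""

def parse(text):
    """Yield one dict per well-formed log line; anything else is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            yield rec

def review(text):
    """Flag internal hosts calling Trojan ports and outside hosts probing many ports."""
    trojan = []
    ports_by_src = defaultdict(set)
    for rec in parse(text):
        if rec["dir"] == "out" and rec["dport"] in SUSPECT_OUTBOUND_PORTS:
            trojan.append((rec["src"], rec["dst"], rec["dport"]))
        elif rec["dir"] == "in":
            # Denied and permitted probes count alike: a scan shows up either way.
            ports_by_src[rec["src"]].add(rec["dport"])
    scanners = sorted(s for s, ports in ports_by_src.items() if len(ports) >= SCAN_THRESHOLD)
    return {"trojan": trojan, "scanners": scanners}
```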
